Rapid Prototyping Formal Systems in MMT: 5 Case Studies Dennis M - - PowerPoint PPT Presentation

1

Rapid Prototyping Formal Systems in MMT: 5 Case Studies

Dennis M¨ uller and Florian Rabe

Computer Science, University Erlangen-N¨ urnberg, Germany LRI, University Paris-Sud, France

June 2019

Motivation 2

Motivation

Motivation 3

Logical Frameworks

= meta-logic in which syntax and semantics of object logics are defined Automath, LF, Isabelle

Advantages

◮ Universal concepts

expressions, substitution, typing, equality, . . .

◮ Meta-reasoning

consistency, logic translations, . . .

◮ Rapid prototyping

type reconstruction, theorem proving, . . .

◮ Generic tools

theorem prover, module system, IDE, . . .

Simplicity vs. expressivity

◮ Meta-logic must be simple to be scalable, trustworthy ◮ Object logic must be expressive to be practical ◮ Big challenge for frameworks

Motivation 4

Designing Logical Frameworks

Typical approach:

◮ choose a λ-calculus ◮ add other features

◮ logic programming (λ-Prolog) ◮ meta logic (Twelf, Abella) ◮ proof assistant for object logic (Isabelle) ◮ concurrency (CLF) ◮ reasoning about contexts (Beluga) ◮ rewriting (Dedukti) ◮ external side conditions (LLFP) ◮ coupling with proof-assistant support (Hybrid) ◮ user-defined unification hints (ELPI) ◮ . . .

Problems

◮ Divergence due to choice of other features ◮ Even hypothetical union not expressive enough for real-life logics

no way to define, e.g., HOL Light, Mizar, PVS

Motivation 5

Experimentation with Formal Systems

Customize the system fundamentals

◮ increasingly complex problem domains

e.g., mathematics, programming languages

◮ plain formalization introduces too many artifacts to be

human-readable

◮ therefore: allow users to define how to interpret human input

e.g., custom parsing, type reconstruction

Examples:

◮ unification hints (Coq, Matita)

◮ extra-logical declarations ◮ allow users to guide incomplete algorithms (e.g., unification)

◮ meta-programming (Idris, Lean)

◮ expose internal datatypes to user ◮ allow users to program extensions in the language itself

Motivation 6

MMT = Meta-Meta-Theory/Tool

Problem:

◮ logical frameworks not expressive for practical logics ◮ more system experimentation needed ◮ trend towards fine-grained user control

Foundation-independence: use logical frameworks without committing to a specific one Mathematics Logic Logical Fra- meworks Foundation- Independence MMT logical frameworks logic, programming language, . . . domain knowledge

The UniFormal Library 7

The UniFormal Library

The UniFormal Library 8

Large Scale Example: The LATIN Atlas

◮ DFG project 2009-2012 (with DFKI Bremen and Jacobs Univ.) ◮ Highly modular network of little logic formalizations

◮ separate theory for each ◮ connective/quantifier ◮ type operator ◮ controversial axioms

e.g., excluded middle, choice, . . .

◮ base type ◮ reference catalog of standardized logics ◮ documentation platform

◮ Written in MMT/LF ◮ 4 years, with ∼ 10 students, ∼ 1000 modules

The UniFormal Library 9

The LATIN Atlas of Logical Systems

The LATIN Atlas is huge: That’s me pointing at the theory for first-order logic

The UniFormal Library 10

Logic Diagrams in LATIN

An example fragment of the LATIN logic diagram

◮ nodes: MMT/LF theories ◮ edges: MMT/LF theory morphisms

PL ML SFOL DFOL FOL CL DL OWL HOL Mizar ZFC HOL Light Base ¬ . . . ∧ PL ∧Mod ∧Syn ∧Pf

◮ each node is root for library of that logic ◮ each edge yields library translation functor

library integration very difficult though

The UniFormal Library 11

OAF: Integration of Proof Assistant Libraries

◮ DFG project, 2014–2020, 15 contributors ◮ Big, overlapping libraries joined in MMT as the uniform

representation language > 100 GB XML in total Mizar, HOL systems, IMPS, Coq, PVS, Isabelle. . .

◮ enables archival, comparison, integration

LF MMT LF+X LATIN logic library . . . HOL Light HOL Light library Bool Arith . . . Mizar Mizar library XBoole XReal . . . Arith . . .

The UniFormal Library 12

OpenDreamKit: Virtual Math Research Environments

◮ EU project, 2015-2019, 15 sites, 25 partners

http://opendreamkit.org/

◮ MMT as mediator system

◮ system-independent formalization of math

> 200 theories no proofs, no algorithms

◮ integration of math computation systems

SageMath, GAP, Singular: services interfaces defined in MMT

◮ . . . and math databases

LMFDB, OEIS: database schemas defined in MMT

Example: dynamic retrieval

◮ SageMath user needs 13th transitive group with conductor 5 ◮ SageMath queries MMT ◮ MMT retrieves it from LMFDB, translates it to SageMath syntax

The UniFormal Library 13

MathHub

GitHub-like but for MMT projects https://gl.mathhub.info

◮ 251 Repositories ◮ 187 Users ◮ 28.5 GB

in March, probably doubled by now For example: Language Library Modules Declarations MMT Math-in-the-Middle 220 826 LF LATIN 529 2,824 PVS Prelude+NASA 974 24,084 Isabelle Distribution+AFP 9553 1,472,280 HOL Light Basic 189 22,830 Coq > 50 in total 1,979 167,797 Mizar MML 1,194 69,710 SageMath Distribution 1,399 GAP Library 9,050

MMT Overview 14

MMT Overview

MMT Overview 15

Basic Concepts

Design principle

◮ few orthogonal concepts ◮ uniform representations of diverse languages

sweet spot in the expressivity-simplicity trade off Concepts

◮ theory = named set of declarations

◮ foundations, logics, type theories, classes, specifications, . . .

◮ theory morphism = compositional translation

◮ inclusions, translations, models, katamorphisms, . . .

◮ constant = named atomic declaration

◮ function symbols, theorems, rules, . . . ◮ may have type, definition, notation

◮ term = unnamed complex entity, formed from constants

◮ expressions, types, formulas, proofs, . . .

◮ typing ⊢T s : t between terms relative to a theory

◮ well-formedness, truth, consequence . . .

MMT Overview 16

Example: Propositional Logic in the MMT IDE

MMT Overview 17

Small Scale Example (1)

Logical frameworks in MMT

theory LF { type Pi # Π V1 . 2 name[ : type][#notation] arrow # 1 → 2 lambda # λ V1 . 2 apply # 1 2 }

Logics in MMT/LF

theory Logic : LF { prop : type ded : prop → type # ⊢ 1 judgments-as-types } theory FOL : LF { include Logic term : type higher-order abstract syntax f o r a l l : ( term → prop ) → prop # ∀ V1 . 2 }

MMT Overview 18

Small Scale Example (2)

FOL from previous slide:

theory FOL : LF { include Logic term : type f o r a l l : ( term → prop ) → prop # ∀ V1 . 2 }

Proof-theoretical semantics of FOL

theory FOLPF : LF { include FOL rules are constants f o r a l l I n t r o : ΠF:term→prop . (Πx:term . ⊢ (F x ) ) → ⊢ ∀(λx:term . F x ) f o r a l l E l i m : ΠF:term→prop . ⊢ ∀(λx:term . F x ) → Πx:term . ⊢ (F x ) }

MMT Overview 19

Small Scale Example (3)

FOL from previous slide:

theory FOL : LF { include Logic term : type f o r a l l : ( term → prop ) → prop # ∀ V1 . 2 }

Algebraic theories in MMT/LF/FOL:

theory Magma : FOL { comp : term → term → term # 1 ◦ 2 } theory SemiGroup : FOL { include Magma, . . . } theory CommutativeGroup : FOL { include SemiGroup , . . . } theory Ring : FOL { a d d i t i v e : CommutativeGroup m u l t i p l i c a t i v e : Semigroup . . . }

MMT Overview 20

Abstract Syntax of Terms

Key ideas

◮ no predefined constants ◮ single general syntax tree constructor c(Γ;

E)

◮ c(Γ;

E) binds variables and takes arguments

◮ non-binding operators: Γ empty

e.g., apply(·; f , a) for (f a)

◮ typical binders: Γ and

E have length 1 e.g., lambda(x :A; t) for λx :A.t

contexts Γ ::= (x[: E][= E])∗ terms E ::= constants | c variables | x complex terms | c(Γ; E ∗) Terms are relative to theory T that declares the constants c

MMT Overview 21

Concrete Syntax of Terms

◮ Theories may attach notation(s) to each constant declaration ◮ Notations of c introduce concrete syntax for c(Γ;

E) e.g., for type theory concrete syntax constant declaration abstract syntax E ::= type type # type Πx : E1.E2 Pi # Π V1 . 2 Pi(x :E1; E2) E1 → E2 arrow # 1 → 2 arrow(·; E1, E2) λx : E1.E2 lambda # λ V1 . 2 lambda(x :E1; E2) E1 E2 apply # 1 2 apply(·; E1, E2)

MMT Overview 22

Judgments

◮ MMT terms subsume terms of specific languages ◮ Type systems singles out the well-typed terms

For any theory Σ: ⊢ Σ T = {Σ} is a valid theory definition ⊢T Γ Γ is a valid context Γ ⊢T t : A t has type A Γ ⊢T E = E ′ E and E ′ are equal Γ ⊢T : A A is inhabitable Two kinds of rules:

◮ MMT defines some global rules once and for all

foundation-independent rules

◮ declared in MMT theories, subject to scoping

foundation-specific rules

MMT Overview 23

Foundation-Independent Rules

◮ Lookup rules for atomic terms over a theory T = {Σ}

c : A in Σ ⊢T c : A c = t in Σ ⊢T c = t

◮ Equivalence and congruence rules for equality ◮ Rules for well-formed theories/contexts

⊢ · ⊢ Σ [⊢Σ : A] [⊢T t : A] ⊢ Σ, c[: A][= t]

MMT Overview 24

Foundation-Specific Rules

◮ Declared in theories as constants ◮ Carry reference to self-contained Scala object implementing a

rule interface ∼ 10 rule interfaces, in particular one for each algorithm:

◮ simplification: Γ ⊢T E =? ◮ equality checking: Γ ⊢T E = E ′ ? ◮ type inference: Γ ⊢T t :? ◮ type checking: Γ ⊢T t : A ? ◮ proving: Γ ⊢T ? : A

experimental E.g., λ-inference rule

◮ applicable to Γ ⊢T t :? whenever t = λx : A.s ◮ recursively infers type of s, returns Π-type ◮ reports errors and trace messages

MMT Overview 25

MMT Tool

Mature implementation

◮ API for representation language

foundation-independent

◮ Collection of reusable algorithms

no commitment to particular application

◮ Extensible wherever reasonable

storage backends, file formats, user interfaces, . . .

• perators and rules, language features, checkers, . . .

Separation of concerns between

◮ Foundation developers

e.g., language primitives, rules

◮ Service developers

e.g., search, theorem prover

◮ Application developers

e.g., IDE, proof assistant

Yields rapid prototyping for logic systems

MMT Overview 25

MMT Tool

Mature implementation

◮ API for representation language

foundation-independent

◮ Collection of reusable algorithms

no commitment to particular application

◮ Extensible wherever reasonable

storage backends, file formats, user interfaces, . . .

• perators and rules, language features, checkers, . . .

Separation of concerns between

◮ Foundation developers

e.g., language primitives, rules

◮ Service developers

e.g., search, theorem prover

◮ Application developers

e.g., IDE, proof assistant

Yields rapid prototyping for logic systems But how much can really be done foundation-independently? MMT shows: not everything, but a lot

MMT Overview 26

Logical Results

◮ Module system

modularity transparent to foundation developer

◮ Concrete/abstract syntax

notation-based parsing/presentation

◮ Interpreted symbols, literals

external model/implementation reflected into Mmt

◮ Type reconstruction

foundation plugin supplies only core rules

◮ Simplification

rule-based, integrated with type reconstruction

◮ Theorem proving? ◮ Code generation? Computation?

MMT Overview 27

Knowledge Management Results

◮ Change management

recheck only if affected

◮ Project management

indexing, building

◮ Extensible export infrastructure

Scala, SVG graphs, LaTeX, HTML, . . .

◮ Search, querying

substitution-tree and relational index

◮ Browser

interactive web browser, 2D/3D theory graph viewer

◮ Editing

IDE-like graphical interface, LaTeX integration

MMT Overview 28

Type Reconstruction

Algorithm

◮ MMT implements foundation-independent rules ◮ visible foundation-specific rules collected from current context ◮ algorithm delegates to foundation-specific rules as needed

General algorithm takes care of

◮ unknown meta-variables ◮ delaying constraints ◮ definition expansion ◮ module system

transparent to foundation-specific rules

Case Studies 29

Case Studies

Case Studies 30

Rewriting

Add rewriting to any language already defined in MMT Inspiration: LF modulo (e.g., Dedukti)

◮ Key idea: annotate

◮ a binary judgment as a rewrite predicate ◮ axioms for that judgment as rewrite rules

◮ Implement MMT plugin that dynamically generates new

simplification rules for each annotated axioms

◮ implemented via Change Listener interface ◮ Termination of rewrite system remain user’s responsibility

◮ Needed work: a few 100 hundred loc for the rule generator

Case Studies 31

External Side Conditions

Monadic type operator for calling external side conditions LLFP paper by Honsell, Liquori, Maksimovic, Scagnetto

◮ Special expressions that represent keys

◮ normal MMT expressions ◮ but not part of the type system

◮ New rules for keys that run external side condition ◮ Variables typed by keys indicate which locks can be opened

◮ declared wheneve traversing into the monad ◮ automatically ignored by all other typing rules

◮ Add new rules for lock types that look for keys in the context

◮ if found, monad can be inspected ◮ otherwise, discharge external side condition by calling rule for

key

◮ Needed work: ∼ 100 loc for 7 rules

One evening at Dagstuhl with Ivan

Case Studies 32

Linear Logic

Inspiration: resource semantics to represent linear logic in LF-like structural framework MMT context lookup obeys structural rules

◮ Already done in LF

◮ Kripke style model, worlds represent available resources ◮ monoid of worlds to represent empty world, union ◮ additional laws represent structural rules

e.g., commutativity for exchange

◮ Problem in LF: requires explicit reasoning in the monoid

awkward, inadequate

◮ Solution: add new rules for equality reasoning ◮ Needed work: depends on desired reasoning strength, < 100

loc for simple version

Conclusion 33

Conclusion

Conclusion 34

Summary

◮ MMT: foundation-independent framework for declarative

languages

◮ representation language ◮ implementation

◮ Easy to instantiate with specific foundations

rapid prototyping logic systems

◮ Deep foundation-independent results

◮ logical: parsing, type reconstruction, module system, . . . ◮ knowledge management: search, browsers, IDE, . . .

◮ Serious contender for

◮ experimenting with new system ideas ◮ generic applications/services ◮ universal library ◮ system integration platform

MMT-Based Foundation-Independent Results 35

MMT-Based Foundation-Independent Results

MMT-Based Foundation-Independent Results 36

IDE

◮ Inspired by programming language IDEs ◮ Components

◮ jEdit text editor (in Java): graphical interface ◮ MMT API (in Scala) ◮ jEdit plugin to tie them together

• nly ∼ 1000 lines of glue code

◮ Features

◮ outline view ◮ error list ◮ display of inferred information ◮ type inference of subterms ◮ hyperlinks: jump to definition ◮ search interface ◮ context-sensitive auto-completion: show identifiers that

MMT-Based Foundation-Independent Results 37

IDE: Example View

MMT-Based Foundation-Independent Results 38

An Interactive Library Browser

◮ MMT content presented as HTML5+MathML pages ◮ Dynamic page updates via Ajax ◮ MMT used through HTTP interface with JavaScript wrapper ◮ Features

◮ interactive display

e.g., inferred types, redundant brackets

◮ smart navigation via MMT ontology

can be synchronized with jEdit

◮ dynamic computation of content

e.g., definition lookup, type inference

◮ graph view: theory diagram as SVG

MMT-Based Foundation-Independent Results 39

Browser: Example View

MMT-Based Foundation-Independent Results 40

Browser Features: 2-dimensional Notations

MMT-Based Foundation-Independent Results 41

Browser Features: Proof Trees

MMT-Based Foundation-Independent Results 42

Browser Features: Type Inferece

MMT-Based Foundation-Independent Results 43

Browser Features: Parsing

MMT-Based Foundation-Independent Results 44

Example Service: Search

MMT-Based Foundation-Independent Results 45

Example Service: Theory Graph Viewer

Theory graphs with 1000s of nodes → special visualization tools needed recently even in 3D demo at https://www.youtube.com/watch?v=Mx7HSWD5dwg

L

AT

EX Integration

◮ upper part: L AT

EX source for the item on associativity

◮ lower part: pdf after compiling with L AT

EX-MMT

◮ enriched with type inference, cross references, tooltips

e.g., type argument M of equality symbol